13 hours 9 minutes
Hello and welcome to another penetration. Testing execution Standard discussion. Today we're in pillaging part two of our post exploitation discussions. Now is a quick disclaimer. The Pee test videos do cover tools and techniques that could be used for system hacking.
So many tools discuss their used should be researched and understood by the user prior to their use.
And again please research your laws and regulations regarding the use of such tools in your given area to ensure that you do not break the law. Now, today's objectives are pretty straightforward and continuation of our first pillaging video. We're going to review backup systems. Network Service is sensitive data
user information review to cover things like on System's Web browsers and I am clients
and a review of system configurations. So all of this is going to help us to further understand how the network is laid out and what information we could then use to further exploit or move through our systems.
So back up systems are great because they usually are an agent or a piece of software with the purpose of backing up data, and it provides a great opportunity for the attacker for various things. It allows us to enumerate hosts and systems. Service is,
and we could potentially get credentials to host and or service's and access to backup data.
And in most cases,
folks do a few things. Depending on the environment. They could back up every system,
but in most cases they strategically backup systems and files because those would be considered critical and necessary to continue operations. And so this could also be a finding in that if you're able to access systems that air, having data sets backed up, I would review those data sets to understand what they are and what the value of those are to the organization.
Now we can also look at networking Service is like radius and attack us. So in this case, it would allow you to again enumerate users, enumerate hosts and systems, compromised credentials and show risk of denial of service if alternate methods are not present. And so
in this case, if radius were to be taken down or something of that nature, would you be unable to authenticate and do the things you need to do to operate and function?
Now getting into sensitive data, we can do some key logging now monitoring keystrokes. It is possible to detect sensitive information in P. I so don't know what the legality of this is. If the user is, say, Channing on private, I am on company time or software.
So I mean, if you're if you're an expert and, you know, let me know. But I'm assuming
that if there is no, um,
security policy on the use of company equipment and that the employees Earth has the right to monitor that activity, we could be in violation of some laws there. So if the company says that all data on the network could be monitored than it should be okay,
if the second bullet in protect yourself is present and it states that the use of equipment can be monitored and no personal use is permitted, Yes,
if the policy does not cover personal user Oh, our ownership of data, then no, I would not take the time to do key longing and things of that nature. So always ask those questions and ensure that key logging doesn't get you into any trouble now
on system information that we could gather history files could be great. So recent commands Maybe that had been executed. Reading through these can provide information on the system, data locations, other sensitive data, encryption keys or great interesting documents. So I looked for things like password dot
and then use a wild card there, and that will help you to maybe find password information that's stored on the system.
A specific application parameters are great and then individual application history that could be found on the system. Remember, we want to store passwords if we take any off the network or make a copy of something
we want to make sure we stored in an encrypted fashion. And any time we put that data in a report, it needs to be redacted and completely removed,
continuing with system configuration. Password policies were great because then we can understand the mental in length. And, um,
that will help us to understand whether or not we could do brute forcing effectively whether or not they force people to reset passwords etcetera.
And then if we can get our hands on wireless network information and keys, that could be great because then we could connect to a different segment of the networking, continue to get a new view of how things look and potentially get into other systems that we may not have been able to get to on the land network alone.
So let's do a quick check on learning. True or false key, logging can be a violation of the user's privacy, depending on the company's security policy.
All right, so yes, key Logan can be a violation of the user's privacy, depending on the company's security policy of the company. Policy clearly states that they could monitor information long information that they own all information. You should be good for the longing.
If it does not, and it allows for personal use on systems, then you may not want to do key logging. Always check with counsel
and ensure that you fully understand whether or not you'd be in violation of any laws. Here. Sochi Logan can be a violation of user privacy. Depending on the company, security policy is a true statement.
Now let's jump over to our summary. So we discussed backup systems and how those air beneficial we looked at. Network and service is sensitive data user information review coverings on system's Web browsers and I am clients, and we discuss system configuration
again, This is the tip of the iceberg, these air all touched on in the pee test standard.
But from the testing standpoint, if you're not covering some of these areas where you don't have a good check, let's list our methodology laid out for pillaging or what happens when you exploit a system.
It may be worth revisiting if the engagement ends, and it's just Hey, look, we got into the system and that's the end of it. Write the report,
then That is the way that that is. So with that in mind, I want to thank you for your time today, and I look forward to seeing you again soon.